D3m0n1z3dShell
D3m0n1z3dShell is a post-exploitation tool for establishing and maintaining persistence on Linux systems. Developed by MatheuZSecurity, it bundles several independent mechanisms for keeping access to a compromised machine, so that removing any one of them does not remove the operator.
Key Features:
SSH Keypair Generation: Generates SSH key pairs for every user on the host, so the operator can authenticate as any of them over SSH without a password.
Persistence Mechanisms:
APT Persistence: Hooks the APT package manager so the implant is re-executed during package operations.
Crontab Persistence: Installs scheduled cron jobs that periodically relaunch the implant.
Systemd Persistence: Installs both user-level and root-level systemd services that start the implant at boot or login.
Bashrc Persistence: Appends to users' shell start-up files (~/.bashrc) so the implant is relaunched each time an interactive shell is opened.
Privilege Escalation:
Privileged User & SUID Bash: Creates a privileged user and sets the SUID bit on bash; a setuid bash gives any local account a root shell via `bash -p`.
LD_PRELOAD Setup: Configures dynamic-linker preloading (LD_PRELOAD) so a chosen shared object is loaded into every dynamically linked process started afterwards, used here for privilege escalation.
Rootkit Integration:
LKM Rootkit: Ships a Loadable Kernel Module (LKM) rootkit, modified to evade rkhunter and chkrootkit.
ICMP Backdoor: Implements a backdoor that receives its commands inside ICMP packets, so no listening TCP/UDP port is exposed.
Static Binaries: Bundles statically linked tools for process monitoring, credential dumping, system enumeration and similar tasks, so they run without depending on the target's libraries.
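Each persistence and escalation method above leaves a file-system artifact an incident responder can look for. The script below is an added example written for this page, not code from D3m0n1z3dShell or its author: it audits a root directory (a live host, or an offline mount of a disk image) for setuid shells, /etc/ld.so.preload entries, authorized_keys contents, cron jobs, suspicious shell start-up lines, systemd units and APT hooks. The paths searched, the bashrc pattern list and the constructed fixture it runs against by default are assumptions; the APT and bashrc checks are heuristics and will also surface legitimate entries that you must review by hand.

```sh
#!/bin/sh
# Added audit script (not part of D3m0n1z3dShell). ROOT defaults to "/" so the
# same checks run on a live host or on an offline mount of a disk image.
# Paths, the bashrc pattern list and the fixture contents are assumptions.

# Setuid copies of a shell: a setuid bash hands any local user root via `bash -p`.
check_suid_shells() {
  local root="${1:-/}"
  find "$root/bin" "$root/usr/bin" "$root/usr/local/bin" "$root/tmp" "$root/var/tmp" \
       -xdev -type f -perm -4000 \( -name bash -o -name sh -o -name dash \) \
       -print 2>/dev/null || true
}

# /etc/ld.so.preload injects the listed objects into every dynamically linked
# process; on a clean system the file is normally absent or empty.
check_ld_preload() {
  local f="${1:-/}/etc/ld.so.preload"
  if [ -s "$f" ]; then grep -v '^[[:space:]]*$' "$f" || true; fi
}

# A key pushed into every user's authorized_keys is the tool's SSH method:
# print each file with its key count, then the type and comment of each key.
check_authorized_keys() {
  local root="${1:-/}" f rel
  for f in "$root"/root/.ssh/authorized_keys "$root"/home/*/.ssh/authorized_keys; do
    [ -f "$f" ] || continue
    rel=${f#"$root"}
    printf '%s: %s key(s)\n' "$rel" "$(grep -cE '^(ssh-|ecdsa-|sk-)' "$f" || true)"
    grep -E '^(ssh-|ecdsa-|sk-)' "$f" | awk '{print "    " $1, $NF}' || true
  done
}

# Cron persistence: every non-comment line of the system and per-user crontabs.
check_cron() {
  local root="${1:-/}" f rel
  for f in "$root"/etc/crontab "$root"/etc/cron.d/* "$root"/var/spool/cron/crontabs/* "$root"/var/spool/cron/*; do
    [ -f "$f" ] || continue
    rel=${f#"$root"}
    grep -vE '^[[:space:]]*(#|$)' "$f" | sed "s|^|$rel: |" || true
  done
}

# Bashrc persistence (heuristic): start-up files that spawn background jobs,
# reverse shells or download-and-run pipelines. Pattern list is an assumption.
check_bashrc() {
  local root="${1:-/}" f rel
  local pat='/dev/tcp/|nohup |setsid |base64 -d|bash -i|(curl|wget) [^|]*\| *(ba)?sh'
  for f in "$root"/etc/bash.bashrc "$root"/etc/profile "$root"/etc/profile.d/* \
           "$root"/root/.bashrc "$root"/home/*/.bashrc "$root"/home/*/.profile; do
    [ -f "$f" ] || continue
    rel=${f#"$root"}
    grep -nE "$pat" "$f" | sed "s|^|$rel:|" || true
  done
}

# Systemd persistence: root units in /etc and user units under ~/.config/systemd/user.
check_systemd_units() {
  local root="${1:-/}" f rel
  for f in "$root"/etc/systemd/system/*.service "$root"/root/.config/systemd/user/*.service \
           "$root"/home/*/.config/systemd/user/*.service; do
    [ -f "$f" ] || continue
    rel=${f#"$root"}
    printf '%s: %s\n' "$rel" "$(grep '^ExecStart=' "$f" | head -n 1)"
  done
}

# APT persistence: apt.conf.d hooks run a command around every apt operation.
# Distributions ship a few legitimate hooks, so review every hit rather than
# treating all of them as malicious.
check_apt_hooks() {
  local root="${1:-/}" f rel
  for f in "$root"/etc/apt/apt.conf.d/*; do
    [ -f "$f" ] || continue
    rel=${f#"$root"}
    grep -nE '(Pre|Post)-Invoke|Pre-Install-Pkgs' "$f" | sed "s|^|$rel:|" || true
  done
}

# Constructed demo root (a fixture, not a real host) holding one artifact per check.
build_fixture() {
  local r; r=$(mktemp -d)
  mkdir -p "$r/bin" "$r/etc/apt/apt.conf.d" "$r/home/alice/.ssh" \
           "$r/home/alice/.config/systemd/user" "$r/var/spool/cron/crontabs"
  printf '#!/bin/sh\n' > "$r/bin/bash" && chmod 4755 "$r/bin/bash"
  printf '/usr/lib/libdemo.so\n' > "$r/etc/ld.so.preload"
  printf 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAKEFAK demo@fixture\n' \
    > "$r/home/alice/.ssh/authorized_keys"
  printf '* * * * * /tmp/.x\n' > "$r/var/spool/cron/crontabs/alice"
  printf 'alias ls="ls --color=auto"\nnohup /tmp/.x >/dev/null 2>&1 &\n' > "$r/home/alice/.bashrc"
  printf '[Service]\nExecStart=/tmp/.x\n[Install]\nWantedBy=default.target\n' \
    > "$r/home/alice/.config/systemd/user/demo.service"
  printf 'APT::Update::Pre-Invoke {"/tmp/.x";};\n' > "$r/etc/apt/apt.conf.d/99demo"
  printf '%s\n' "$r"
}

audit_persistence() {
  local root="${1:-/}" c
  for c in check_suid_shells check_ld_preload check_authorized_keys check_cron \
           check_bashrc check_systemd_units check_apt_hooks; do
    printf '== %s (root=%s)\n' "$c" "$root"
    "$c" "$root"
  done
}

# No argument: audit the constructed fixture. Pass "/" (as root) for a live host,
# or the mount point of a disk image for offline forensics.
if [ $# -eq 0 ]; then
  FIXTURE=$(build_fixture)
  audit_persistence "$FIXTURE"
  rm -rf "$FIXTURE"
else
  audit_persistence "$1"
fi
```

Run it as root with `/` to check a live machine; every function takes the root path as its only argument, so a single check can be reused on its own. The LKM rootkit and ICMP backdoor listed above are not covered here: a kernel module that hides itself is not reliably visible from the file system, and the ICMP channel has to be looked for in network captures rather than on disk.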
Installation Methods: standard installation, one-liner installation, or static loading.
Pending Features:
Development of an LD_PRELOAD rootkit.
Process injection capabilities.
Additional persistence methods, including modifications to rc.local, init.d, and motd.
Persistence via PHP and ASPX web shells.
Disclaimer: The use of D3m0n1z3dShell is intended for educational purposes only. Unauthorized use on systems without explicit permission is illegal and unethical.
Contribution: For contributions or inquiries, contact the developer on Twitter: @MatheuzSecurity.
For more details and updates, visit the GitHub repository.